Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 25 Sep 2000 10:58:18 -0400
From:      "Troy Settle" <troy@psknet.com>
To:        <treif1@netaxs.com>, <freebsd-questions@FreeBSD.ORG>
Subject:   tarpitting bad HTTP requests (WAS: RE: question)
Message-ID:  <BFEGKDHLHDNOJEIHJDBACECFCAAA.troy@psknet.com>
In-Reply-To: <39CF6209.5AAD0F8D@reif.cncdsl.com>

next in thread | previous in thread | raw e-mail | index | archive | help

I've not tested this myself, but you might have good luck with using the
ErrorDocument directive to redirect to either a cgi script or just your main
page.

ErrorDocument 401 /index.html
or
ErrorDocuemnt 401 /cgi-bin/tarpit.pl

If you opt for the cgi idea, you can then use a perl or other script to do
your tar pitting.  But, before you make this effort, make sure that this
will do what you expect.  I assume that you've actually examined the logs to
see that the /same/ host is sending several bad requests in rapid
succession?

G'luck,

--
  Troy Settle
  Pulaski Networks
  540.994.4254

It's always a long day, 86400 doesn't fit into a short



> -----Original Message-----
> From: owner-freebsd-questions@FreeBSD.ORG
> [mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of webmaster
> Sent: Monday, September 25, 2000 10:33 AM
> To: freebsd-questions@FreeBSD.ORG
> Subject: question
>
>
> I have searched extensively for info on this subject and
> have found nothing. I admin a server which gets allot of
> bad requests daily. In fact, it has over 400 meg in bad
> log files daily.
>
> I asked a real Unix guru about the problem and he recommended
> using tar pitting. The idea is that every time a bad request
> is generated by an I.P. the time the server takes to respond is
> increased.
> Example:
> Bad request #1. server answers with 401 error in 1 second
> Bad request #1. server answers with 401 error in 2 seconds
> Bad request #1. server answers with 401 error in 4 seconds
>
> This sounds like the perfect answer to many problems with
> a variety of server attacks. The problem is I can only find
> info on the subject relating to spam mail and sendmail.
> Any help would be extremely appreciated.
>
> Thanks in advance for your time.
> Terry Reifsnyder
>
> Please RE: treif1@netaxs.com
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
>
>



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?BFEGKDHLHDNOJEIHJDBACECFCAAA.troy>